Medium-Sized Businesses Face Growing Cyber-Threat

Mid-sized organizations are slashing or freezing their security budgets even as they are experiencing an increase in cyber-attacks, according to a study from security vendor McAfee.

Mid-sized companies report an increase in cyber-threats this past
year, even as many are simultaneously freezing their IT security budgets, according to a
report released by McAfee on Oct. 13. The report is based on a survey of more than 1,100 IT managers worldwide working at companies with 51 to 1,000 employees.

According to "The Security Paradox"
study, more than half of the mid-sized companies surveyed have seen an increase in
security incidents in the 12-month period from mid-2009 to mid-2010 compared with the prior 12-month period. One in five respondents say their organizations had a security incident that
directly affected revenue. On average, companies lost $41,000. Of
those who had been hacked, 16 percent report that it took them more than a
week to recover from the damage.

About one-third of respondents say they were attacked repeatedly, and
more than half of those incidents were serious enough to take up to
five
hours to investigate and fix, according to the report. In the United States, the average number of cyber-attacks against mid-sized organizations more than quadrupled from mid-2008 to mid-2009, McAfee says.

Even as threats increase and grow in severity, IT security budgets are way down. More than half (58 percent) of respondents to the McAfee survey say their organizations spent fewer than three hours per week working on,
evaluating and researching IT security options in the past 12 months.